Privacy Policy

Preamble

This Privacy Policy ("Policy") is a legally binding agreement between Earnstak Technologies ("Earnstak," "we," "us," or "our") and any natural or legal person ("User," "Data Subject," "you," or "your") who accesses, registers on, or otherwise engages with the Earnstak Headless Commerce Overlay platform, related APIs, proprietary script infrastructure, and ancillary services (collectively, the "Platform" or "Service").

By accessing or using the Platform, including deployment of the Money Layer script on your sales pages, you acknowledge that you have read and consented to the data practices described in this Policy. If you do not agree, discontinue use of the Platform.

Earnstak operates in compliance with NDPR 2019 and NDPA 2023 and acknowledges core data protection principles under GDPR and CCPA.

1. Definitions

• Personal Data: Information relating to an identified or identifiable person (for example, name, email, IP address, payment credentials, and usage data).
• Processing: Any operation on Personal Data, including collection, storage, use, disclosure, or deletion.
• Data Controller: Earnstak Technologies, which determines the purpose and means of processing.
• Data Processor: A third party processing Personal Data on Earnstak's documented instructions.
• Headless Commerce Overlay: Earnstak's model that decouples storefront design from checkout/payment infrastructure.
• Money Layer: Earnstak's embeddable script used to inject checkout and payment infrastructure into sales pages.
• Consent: Freely given, specific, informed, and unambiguous agreement to data processing.

2. Data We Collect

We collect only data required to provide our services (data minimization principle).

Information You Provide

• Account Registration Data: Name, email address, and custom domain details.
• Billing Information: Data required for subscriptions and creator payouts. Raw card details are not stored on Earnstak servers.
• Project Configuration Data: Scripts, embeds, webhook configuration, and Money Layer settings.

Information Collected Automatically

• Technical Metadata: IP address, browser/device details, operating system, and referral URLs.
• Usage Analytics: Feature interactions, checkout event logs, and error reports (aggregated/pseudonymized where possible).
• Cookies: First-party cookies for authentication, session handling, and performance monitoring.

3. Legal Basis for Processing

• Performance of contract.
• Legitimate interests (for example security and fraud control).
• Legal obligations.
• Consent (including optional analytics/marketing).

4. How We Use Your Data

• Service delivery, checkout operations, and payout processing.
• Account management and subscription administration.
• Security monitoring, fraud detection, and abuse prevention.
• Legal/regulatory compliance (including AML/KYC where needed).
• Transactional service communications.
• Internal analytics and platform performance improvements.

5. Data Security and Infrastructure Protection

• Encryption in transit (TLS 1.2+).
• Encryption at rest (AES-256 or equivalent).
• Zero-trust security architecture.
• Need-to-know access controls and audited privileged access.
• Incident response, including timely notification obligations.

6. Third-Party Disclosure and Data Sharing

Earnstak does not sell or rent Personal Data. Data is shared only with authorized sub-processors needed to operate services.

• Payment processors (for example Paystack, Flutterwave, Stripe).
• Infrastructure and hosting providers.
• Analytics and monitoring providers under strict safeguards.

Personal Data may be disclosed where legally required by competent authorities.

7. International Data Transfers

Where data is transferred outside Nigeria or the EEA, Earnstak uses lawful mechanisms such as SCCs, adequacy decisions, or other recognized safeguards.

8. Your Rights as a Data Subject

• Right of access.
• Right to rectification.
• Right to erasure.
• Right to restrict processing.
• Right to data portability.
• Right to object.
• Right to withdraw consent.
• Right to lodge a complaint with a supervisory authority.

Submit verifiable requests to privacy@earnstak.com. Responses are provided within 30 days, extendable by up to 60 additional days for complex requests.

9. Data Retention

• Data is retained while your account is active.
• Post-termination retention may apply for up to 5 years to meet legal obligations.
• Long-term analytics data is irreversibly anonymized.

10. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect Personal Data from minors. Contact privacy@earnstak.com for concerns.

11. Amendments to This Policy

We may update this Policy to reflect legal, operational, or service changes. Material changes are communicated at least 14 days before the effective date.

12. Governing Law and Dispute Resolution

This Policy is governed by the laws of the Federal Republic of Nigeria. Disputes are subject to the jurisdiction of competent Nigerian courts.

13. Contact and Data Controller Information

Earnstak Technologies

Data Protection Officer (DPO)

Email: privacy@earnstak.com

Website: earnstak.com

This Privacy Policy is a legally binding document. Users are advised to seek independent legal counsel where needed.